SOLVED - openvpn-multiwan-port share tcp 80 not work, pleas help
first, i dont find on forum same configuration and same problem, therefore i wrote this topic.
I have pfsense 2.1.5 x86 with only setup firewall and suricata.
Have this configuration:
3x WAN (1. 10.0.0.4, 2. 22.214.171.124, 3. 10.0.0.4)
1x LAN (192.168.0.1)
Want openvpn server runing on localhost and portforward wan trafic to localhost where bind openvpn server.
I setup nat:
WAN1 TCP * * WAN1adress 80 127.0.0.1 1190
WAN2 TCP * * WAN2adress 80 127.0.0.1 1190
WAN3 TCP * * WAN3adress 80 127.0.0.1 1190
I setup Openvpn server:
device mode: tun
local port: 1190
advanced: push "route 192.168.0.0 255.255.255.0";port-share 10.0.0.4 80;
Problem is, that i want use on wan side TCP port 80 (http). I added to openvpn server advanced config this:
port-share 10.0.0.4 80
But i still have this in client log when connect:
WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart…]
EDIT: i changed pfsense webconfigurator listen port to 81 and remove port-share 10.0.0.4 80, with no luck…. Before that i alo try port-share 10.0.0.4 443 also with no luck...
EDIT2: ok, now i disable on wan bogon and private network and disable NAT to localhost. Now i try what is runing on tcp 80 wan port . And there is pfsense webconfigurator. Is trhere any solution how to force run web configurator only on lan interface (binding only to specific interface)?
EDIT3: i disable webconfigurator redirection option in advanced menu and switch to https but also with no luck
EDIT4: got it work, disable webconfigurator redirection, set webconfigurator to use HTTPS, openvpn server bint to localhost on tcp 1194 (default openvpn port), creata NAT rules for all wan "WAN1 TCP * * WAN1adress 80(http) 127.0.0.1 1194(openvpn)", on wan interfaces add allow rule "IPv4 TCP * * WAN1adress 80(http) * * *". Restart and ok...